Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A network vulnerability assessment method based on zero-day attack graph

An attack graph and vulnerability technology, applied in the field of network security, can solve the problems of lack of objectivity in evaluation, vulnerability analysis can not reflect the complex process of network attack, can not find potential threats, etc., to achieve the effect of improving security.

Active Publication Date: 2020-05-05
BEIJING INSTITUTE OF TECHNOLOGYGY
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

For example, many vulnerability scoring systems such as CVSS and CWSS can evaluate the severity of a single network vulnerability, but a single vulnerability analysis cannot reflect the complex process of network attacks, nor can it discover potential network threats
In addition, the evaluation method based on the Bayesian network must formulate a priori probability table in advance based on expert experience, and the probability in the Markov transfer model also lacks a basis for selection, and the evaluation is not objective.
And most of the vulnerability analysis does not consider the issue of zero-day vulnerabilities, and can not find potential threats

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A network vulnerability assessment method based on zero-day attack graph
  • A network vulnerability assessment method based on zero-day attack graph
  • A network vulnerability assessment method based on zero-day attack graph

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] The present invention will be described in detail below with reference to the accompanying drawings and examples.

[0029] Step 1: Obtain the information of the physical network, specifically:

[0030] From the perspective of the attacker, we collectively refer to routers, switches, bridges, computer terminals, etc. in the network as hosts; the system or installed applications of the host are called services (or applications); the users of the host have The operation of the service is called authority; the defect or error exploited on the service is called vulnerability, which are denoted by H, S, P, and V respectively. The following mapping relationship exists among the collections:

[0031] 1. Determine the services contained in each host, that is, the mapping from the host to the service set, expressed as: serv(.)={|s_http∈S,h_h1∈H};

[0032] 2. Determine which permissions each host contains, that is, the mapping from host to permission, expressed as: priv(.)={|p_u...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a network vulnerability assessment method based on zero-day attack graph. First it is assumed that all services on a host in a network contain a zero-day vulnerability, a zero-day attack graph is generated through logical reasoning of a given pattern, and then the attack cost for utilizing the zero-day vulnerability to attack is quantified based on a vulnerability scanningtechnology and CVSS vulnerability scoring system, and finally, a network centrality theory is utilized to make an analysis to obtain the key vulnerabilities in the network. All possible unknown vulnerabilities in the network are fully considered while known vulnerabilities are dealt with, so that the assessment method has the capability of dealing with unknown vulnerabilities, can discover potential network vulnerabilities through logical reasoning, and assess the security of the current network, thereby providing a reference basis for further network security protection, and improving the security, reliability and availability of the network.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a network vulnerability assessment method based on a zero-day attack graph. Background technique [0002] In the method of using vulnerabilities to assess network vulnerabilities, most researchers only analyze the damage that known vulnerabilities can cause to the network to measure network security. This does not consider the analysis method of unknown vulnerabilities, and lacks the prevention of unknown vulnerabilities. These measures are invalid for unknown vulnerabilities, so unknown vulnerabilities need to be introduced in the network vulnerability assessment. [0003] "Zero-day vulnerabilities", also known as zero-day attacks, refer to security vulnerabilities that are exploited maliciously immediately after being discovered. In layman's terms, that is, within the same day that security patches and flaws are exposed, related malicious programs appear. ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1433H04L63/20
Inventor 胡昌振单纯蒋本富郭守坤赵小林
Owner BEIJING INSTITUTE OF TECHNOLOGYGY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products